In 2021, Indexed Finance, a project based on Ethereum, suffered a significant hack, losing $16 million. However, the team has since managed to thwart two Indexed DAO hijack attempts and is now set to return control of its DAO to the original founders. The aim is to use the remaining treasury to compensate the victims of the 2021 hack.
Unraveling the Hijack Attempts
Laurence Day, a former key contributor, detailed in a thread how the Indexed community came together to defeat two attempts to seize control of the remaining treasury of Indexed DAO. The attackers had bought substantial amounts of the protocol’s NDX token and tried to grab approximately $120k worth of digital assets still under the DAO’s control through malicious proposals.
The first proposal, conspicuously lacking a title or description to possibly avoid detection, was defeated after Day and others mobilized the Indexed DAO community to vote against it. The proposal was just an hour away from being passed when a surge of ‘no’ votes overturned it.
Anticipating and Preparing for a Second Attack
Given that the Indexed team had to rally votes publicly against the proposal, Day speculated that a similar attack was imminent. He also pointed out an additional vulnerability that could expose funds outside the DAO’s treasury if the DAO were to fall into the wrong hands.
To mitigate the risk of a second attack, the Indexed DAO approved a ‘poison pill’ proposal. This allowed them to burn the remaining treasury funds if necessary, to deter any attacker.
Thwarting the Second Attack
As anticipated, a second attack did occur. The attacker initially tried to negotiate for 50% of the remaining treasury, as evidenced by on-chain messages. Indexed founder Dillon Kellar responded with an offer of $10,000 in DAI stablecoins, threatening to burn the entire treasury if the attacker did not agree.
With just four hours left until Kellar’s deadline, and after trying to negotiate for $17,000, the attacker accepted the original offer and withdrew their malicious proposal. Control of the DAO is now set to return to a multisig controlled by Day, Kellar, and pseudonymous cofounder PR0. They plan to use the remaining treasury funds to reimburse victims of the 2021 hack.
“We’ll deal with the administrative hassle later, but the Indexed saga is over,” Day posted.
Keeping track of such events in the crypto space can be challenging, but with tools like cryptoview.io, it becomes a breeze. This application offers a comprehensive view of the crypto market, helping users stay updated with the latest developments.
